You did it!
You migrated your organization’s mail environment to Exchange Online. The post-migration dust is starting to settle, the project plan tasks are nearly all checked off and you’re done, you’re finally done.
…or are you?
Below are five tasks that can get overlooked when configuring your Exchange Online environment. While some may be optional for your organization, nearly all are quick and easy to implement.
1. Modify the Default Retention Policy
Mailboxes in Exchange Online are automatically assigned a retention policy called “Default MRM Policy”. You did check out this policy, right? Microsoft has made some assumptions with this policy around keeping a tidy mailbox. While the settings are fairly conservative, we wouldn’t want emails being moved or deleted unexpectedly.
If you take a look at the “Default MRM Policy” retention policy in your tenant, you’ll see it’s primarily Personal tags that your users would need to use (or likely just ignore). There are, however, a couple settings to be aware of:
The “Deleted Items” and “Junk Email” folders are set to delete after 30 days. While that seems acceptable and many organizations are much more aggressive, you should at least notify users if you keep this setting and it’s different than what was previously in place.
To address these settings, you could create a new policy but that also means setting that policy for each mailbox now and in the future. The alternative is to edit the existing “Default MRM Policy” to meet your organization’s requirements by removing or changing the tags.
Additional information: Retention Tags and Retention Policies
2. Increase the Deleted Items Retention
The ability to recover a deleted message in Exchange Online is by default 14 days (the exception being mailboxes on Litigation Hold or In-Place Hold). This value, however, can be increased to a maximum of 30 days fairly easily.
There are two components to address here: First the existing mailboxes need to be addressed and then we should make this the default for any new mailboxes that are created in the future.
For existing mailboxes, you can run a command similar to the one below:
Get-Mailbox -ResultSize Unlimited | Set-Mailbox -RetainDeletedItemsFor 30
For new mailboxes, the “RetainDeletedItemsFor” value is one of the few settings you can change in your tenant’s mailbox plan. To set this value as the default going forward, use the following:
Get-MailboxPlan | Set-MailboxPlan -RetainDeletedItemsFor 30
There you go, you just doubled your recovery window for deleted items.
Additional information: Exchange Online users can’t keep messages for longer than 14 days in Office 365
3. Enable “End-User Spam Notifications”
Prior to Exchange Online, you may have been using a third-party spam filtering service. A common feature among these products is the ability for a user to “release” their own messages that may have been inadvertently quarantined. Users either have a URL that they know to go to in order to release the message or they receive an email notification on a scheduled basis.
In Exchange Online, users can access their spam quarantine via the URL: https://admin.protection.outlook.com/quarantine. If you want your users to receive email notifications, that needs to be configured in the service and is disabled by default.
The location of this setting is a bit hidden. If you navigate to the “Content Filter” tab within “Protection”, you’ll see a “Configure end-user spam notifications…” link on the right side. Once you find it, you basically check a single box to enable it and select a date interval (1 – 15 days) of how often you want the messages sent.
Additional information: Configure End-User Spam Notifications in Exchange Online
4. Set the Migration Endpoint Credentials
This is one you may have encountered during your migration project. If you implemented an Exchange hybrid environment as either a long-term strategy or just for migration purposes, you ran the “Hybrid Configuration Wizard” (HCW).
When running the HCW, you were asked for on-premises credentials and may have supplied your own. The credentials provided during the HCW are stored in the “Migration Endpoint” settings and are used by Exchange Online to migrate mailboxes. You may want these credentials to be non-expiring or to be a service account if you expect an extended cycle of mailbox migrations.
You can modify the endpoint using the “Set-MigrationEndpoint” cmdlet or by navigating to it in the portal. In the portal, you’ll find the endpoint by going to Recipients | Migration and then clicking the “…” and selecting “Migration Endpoints”. The account used needs to be a member of the “Recipient Management” group in the on-premises environment.
5. Enable Mailbox Audit Logging
This setting probably requires a discussion with your security team on what type of auditing they require from Exchange Online and what type of information you can provide. It’s best to have this discussion before you need the audit data, not after they come asking for it.
Enabling audit logging can be as simple as running the command below:
Get-Mailbox -ResultSize Unlimited | Set-Mailbox -AuditEnabled $true
That said, take some time with this one to discuss the appropriate auditing strategy for your organization. If your organization has auditing needs then you’ll probably need to also look at using RBAC to grant people access to that data as well.
Additional information: Mailbox Audit Logging
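As an added example (not part of the original article), the check below reports mailboxes where auditing is off or where an agreed set of actions is not being logged. The function name Get-MailboxAuditGap, the $Baseline action lists and the sample mailboxes are assumptions made for illustration; the property names are the ones Get-Mailbox returns.

```powershell
# Assumed baseline of audited actions per logon type (illustrative values only);
# agree the real list with your security team.
$Baseline = @{
    AuditOwner    = 'HardDelete', 'SoftDelete', 'MoveToDeletedItems'
    AuditDelegate = 'SendAs', 'SendOnBehalf', 'HardDelete', 'SoftDelete', 'FolderBind'
    AuditAdmin    = 'Copy', 'MessageBind', 'SendAs', 'HardDelete', 'FolderBind'
}

function Get-MailboxAuditGap {   # hypothetical helper, not an Exchange cmdlet
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Mailbox,
        [hashtable] $Required = $Baseline
    )
    process {
        # Collect every required action that is not currently logged for this mailbox.
        $missing = foreach ($logonType in $Required.Keys) {
            $current = @($Mailbox.$logonType | ForEach-Object { "$_" })
            foreach ($action in $Required[$logonType]) {
                if ($action -notin $current) { "${logonType}:$action" }
            }
        }
        # Emit a row only for mailboxes that need attention.
        if (-not $Mailbox.AuditEnabled -or $missing) {
            [pscustomobject]@{
                Mailbox      = $Mailbox.UserPrincipalName
                AuditEnabled = [bool]$Mailbox.AuditEnabled
                Missing      = @($missing) -join ', '
            }
        }
    }
}

# Constructed sample objects so the check can be tried without a tenant.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; AuditEnabled = $false
                       AuditOwner = @(); AuditDelegate = @('SendAs'); AuditAdmin = @('Copy') }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example'; AuditEnabled = $true
                       AuditOwner = $Baseline.AuditOwner; AuditDelegate = $Baseline.AuditDelegate
                       AuditAdmin = $Baseline.AuditAdmin }
)
$sample | Get-MailboxAuditGap | Format-List   # only alice is reported

# In a connected Exchange Online session:
# $gaps = Get-Mailbox -ResultSize Unlimited | Get-MailboxAuditGap
# $gaps | Where-Object { -not $_.AuditEnabled } |
#     ForEach-Object { Set-Mailbox -Identity $_.Mailbox -AuditEnabled $true }
```

Run the check on a schedule, since the Set-Mailbox pipeline above only touches mailboxes that exist at the time it runs.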
- All of these tasks are executed fairly easily.
- The default Retention Policy assigned to mailboxes makes some assumptions that may not be appropriate for your organization.
- The Deleted Item Retention can be doubled with two quick PowerShell commands.
- The option to notify a user of their quarantined items is available but disabled by default.
- Credentials for mailbox migrations are stored in the Migration Endpoint; migrations will fail if these are expired.
- Take the time to discuss Mailbox Audit Logging with your security teams.
Did you find this article helpful?
Leave a comment below or follow me on Twitter (@JoePalarchio) for additional posts and information on Office 365.
Looking to do some more reading on Office 365?
Catch up on my past articles here: Joe Palarchio.